The IPv6 Probe OptionJuniper Networks2251 Corporate Park DriveHerndon20171VirginiaUSArbonica@juniper.netComcast1717 John F Kennedy Blvd.PhiladelphiaPA19103USAjohn_leddy@comcast.comINT Area
6manIPv6Destination OptionThis document defines a new IPv6 option, called the Probe option. The
Probe option elicits an ICMPv6 Parameter Problem message from all nodes
that process it. When a node sends a packet that contains the Probe
option and receives an ICMPv6 Parameter Problem message in response, it
has verified the network's ability to convey packets that contain the
Probe option.In IPv6, optional internet-layer
information is encoded in extension headers. Two extension headers, the
Hop-by-Hop Options header and the Destination Options header, contain a
variable number of options. Each option contains the following
fields:Option TypeOpt Data LengthOption DataThe Option Type identifiers are encoded so that their
highest-order 2 bits specify the action to be taken if the processing
node does not recognize the option. Encodings follow:00 - Skip over the option and continue processing the header.01 - Discard the packet.10 - Discard the packet and send an ICMPv6 Parameter Problem, Code 2, message to
the packet's Source Address, pointing to the unrecognized Option
Type.11 - Discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMPv6 Parameter
Problem, Code 2, message to the packet's Source Address, pointing to
the unrecognized Option Type.Several upper-layer protocols emit packets that contain IPv6
destination options. These protocols rely the network to convey packets
that contain the IPv6 Destination Options header.A subset of those protocols emit IPv6 destination options with
high-order bits equal to "10" and "11". These IPv6 destination options
elicit ICMPv6 Parameter Problem messages from destination nodes that do
not recognize them. The above-mentioned protocols perform better when
the network can convey ICMPv6 Parameter Problem messages from the
destination node to the source node.Operational experience reveals that a
significant number of networks drop all packets that contain the IPv6
Destination Options header. Similarly, a significant number of networks
allow packets that contain the IPv6 Destination Options header, but only
if Destination Options header does not exceed a specific size. Finally,
many networks drop all ICMP Parameter Problem messages.This document describes procedures by which a source node can
discover relevant capabilities of the network that connects it to a
destination node. Using these procedures, the source node can
determine:Whether the network can convey a packet containing a Destination
Options header of a specific size from the source node to a
destination node.Whether the network can convey an ICMPv6 Parameter Problem
message from the destination node to the source node.In order to support the above-mentioned procedures, this document
defines a new IPv6 option, called the Probe option. The Probe option
elicits an ICMPv6 Parameter Problem message from all nodes that process
it. It elicits an IPv6 Parameter Problem message, regardless of whether
the processing node recognizes the option. When a source node sends a
packet that contains the Probe option and receives an ICMPv6 Parameter
Problem message in response, it has verified the above-mentioned network
capabilities.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only
when, they appear in all capitals, as shown here. depicts the Probe
Option.Option fields are as follows:Option Type - Probe Option. Value TBD by IANA. See Notes
below.Opt Data Len - Length of Option Data, measured in bytes.Option Data - MUST be set to zero on transmission. MUST be
ignored on receipt.The Opt Data Len and Option Data fields can be used to expand the
Probe Option and the Destination Options header that contains it to a
required length. See for details.A packet MAY contain multiple instances of the Probe option. In IPv6,
the maximum size of a Destination Options header is 2048 bytes, while
the maximum size of an option instance is only 256 bytes. Therefore,
multiple instances of the Probe option are required to expand the
Destination Options header beyond 256 bytes.All nodes process the Probe option as follows, regardless of whether
they recognize the option:Discard the packet.Send an ICMPv6 Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.NOTE 1: The highest-order two bits of the Option Type (i.e., the
"act" bits) are 10. These bits specify the action taken by a destination
node that does not recognize Probe option. The required action is to
discard the packet and send an ICMPv6 Parameter Problem, Code 2, message
to the packet's Source Address, pointing to the Probe Option Type.NOTE 2: The third highest-order bit of the Option Type (i.e., the
"chg" bit) is 0. This indicates that Option Data cannot be modified
along the path between the packet's source and its destination.Assume that a source node needs to determine whether the network can
convey a packet from itself to a destination node. The packet contains a
Destination Options header whose length is N bytes. As per , the Destination Options header length must be a
multiple of 8. Therefore, N must be a multiple of 8.The source node executes the following procedure:Set a short timer (e.g., one or two seconds).Send a probe packet.Wait for either a) an ICMPv6 Parameter Problem message that
matches the probe packet, or b) timer expirationThe probe packet contains an IPv6 Destination Options header and the
IPv6 Destination Options header contains one or more instances of Probe
option. The number of Probe option instances and the length of Option
Data in each instance are chosen so that the Destination Options header
length will be equal to N.In order to influence how the packet is routed to its destination,
the probe packet MAY contain upper-layer headers. However, because the
packet contains the Probe option, it is always discarded and is never
delivered to an upper-layer protocol.An ICMPv6 Parameter Problem message matches a probe packet if the
initial bytes of the probe packet appear in the ICMP Parameter Problem
message.If the source node receives an ICMP Parameter Problem message that
matches the probe, both of the following statements are true:The network can convey a packet containing a Destination Options
header of a specific size from the source node to a destination
node.The network can convey an ICMPv6 Parameter Problem message from
the destination node to the source node.If the timer expires, at least one of the following statements is
true:The network cannot convey a packet containing a Destination
Options header of a specific size from the source node to a
destination node.The network cannot convey an ICMPv6 Parameter Problem message
from the destination node to the source node.Either the probe or the ICMPv6 Parameter Problem message was lost
due to a transient issue (e.g., congestion).As noted above, transient issues can cause false negative results.
Therefore, this procedure MAY be repeated after initial failure.This document introduces no new security vulnerabilities. Any
security vulnerabilities exposed by the Probe option are currently
exposed by all undefined or unrecognized option types. This is because
the Probe option elicits the same behavior as an undefined or
unrecognized optionIANA is requested to allocate a codepoint from the Destination
Options and Hop-by-hop Options registry
(https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2).
This option is called "Probe". The "act" bits are 10 and the "chg" bit
is 0.Thanks to Ross Callon, Fernando Gont and Jinmei Tatuya for their
careful review of this document.